Application Delivery Management

Use cases

Monitoring the SSL interceptions

A Citrix ADC appliance enables you to inspect your encrypted outbound traffic. You can intercept, bypass, or block any HTTPS requests based on policies configured on the appliance. Citrix Application Delivery Management (ADM) provides the following details about the SSL connections in the Outbound Traffic Dashboard for a selected time frame:

  • Number of SSL connections that are intercepted, not intercepted, and reset by the Citrix ADC appliance

  • Transaction details of the SSL connections

Using these details, you can further fine-tune the policies on your Citrix ADC appliance to efficiently inspect the encrypted outbound traffic. For more information, see Citrix SSL Forward Proxy.

To display the number of SSL connections that have been intercepted, not intercepted, and reset:

Navigate to Applications > Outbound Traffic Dashboard. The Outboard Traffic Dashboard displays the number of SSL connections that are intercepted, not intercepted, and reset.

Outbound traffic

To display the transaction details of the SSL connections that have been intercepted:

  1. Navigate to Applications > Outbound Traffic Dashboard.

  2. On the Outboard Traffic Dashboard, click the total count in the SSL INTERCEPTS section.

    SSL intercepts

The transaction details of the SSL connections that were intercepted during the selected time frame are displayed on the Transaction Details page.

Transaction details

You can further filter the transactions details by user and URL category.

To view the transaction details of the SSL connections on which traffic was not intercepted:

  1. Navigate to Applications > Outbound Traffic Dashboard.

  2. In the Outboard Traffic Dashboard, click the total count in the Not-intercepted SSL Connections section.

    not intercepted SSL connections

The transaction details of the SSL connections on which traffic was not intercepted during the selected time frame appear in the Transaction Details page.

Transaction details1

You can further filter the transactions details by user and URL category.

To display the transaction details of the SSL connections that are reset:

  1. Navigate to Applications > Outbound Traffic Dashboard.

  2. On the Outboard Traffic Dashboard, click the total count in the Reset SSL Connections section.

    Reset SSL connections

The transaction details of the SSL connections on which traffic was not intercepted during the selected time frame appear on the Transaction Details page.

SSL transaction details

You can further filter the transactions details by the user and URL category.

Inspecting endpoints

The policies you have configured on a Citrix ADC appliance specify how the appliance logs all the user activities performed in your enterprise. Citrix ADM provides key metrics that you can use to determine:

  1. Browsing behavior of users in your enterprise.

  2. URL categories accessed by the users in your enterprise.

  3. Top five users, based on their risk scores and the bandwidth they consume. For more information about risk scores, see Risk Score.

  4. Browsers used to access the URLs or domains.

  5. Amount web traffic generated by the users, based on the traffic reputation score.

For example, if a user with user id testuser3 constantly accesses malware related sites in your enterprise, Citrix ADM identifies the user as a high-risk activity user and assigns a higher risk score. The testuser3 information is displayed in the Top Users section of the User Dashboard.

Top users

You can click testuser3 to filter the User Dashboard to display all the key metrics related to testuser3.

User dashboard

In the User Activity Investigation pane, the high-risk activity of testuser3 is displayed as events in the respective URL categories.

User activity investigation

You can hover over the events to display the number of events, and you can click events to investigate the transactions that occurred during the events.

Transactions

With this information, you can determine whether your system is infected by malware, or you can understand the bandwidth consumption pattern of the user and fine-tune your Citrix ADC policies. For more information, see Citrix SSL Forward Proxy Documentation.

Reporting bandwidth consumption

The Outbound Traffic Dashboard and the User Dashboard provide multiple charts that summarize the websites or applications accessed from the enterprise network, and the activities performed by the users in your network.

The Outbound Traffic Dashboard provides the details of data-volume consumption by the URLs or domains that were accessed from your network. Navigate to Applications > Outbound Traffic Dashboard, where the data volume details are shown in the Data Volume section.

Bandwidth consumption

In the Outbound Traffic Overview pane, you can click a domain or URL to display the details of the data volume consumed by the domain or URL.

Outbound traffic

The User Dashboard provides details about the bandwidth consumed by the users in your network. Navigate to Users > Dashboard to display the details of the bandwidth consumed by users in the DATA VOLUME section in the User Dashboard.

User dashboard

You can view the details of the bandwidth consumed by a user by selecting the user from the Top Users section. The DATA VOLUME section and other key metrics in the chart are filtered for the selected user.

Data volume

Using these details, you can understand the bandwidth consumption and the reason for the consumption. For example, if a user is accessing social networking websites and this has caused much bandwidth consumption, the administrator can access the Citrix ADC appliance and configure a URL List feature to control access to the websites. For more information, see Use Case: URL Filtering by using Custom URL Set topic.

Viewing outbound traffic distribution

The Citrix ADC appliance provides URL categorization and filtering features that you can use to categorize the URLs that are accessed from your network. In Citrix ADM, the Outbound Traffic Dashboard includes an Outbound Traffic Overview pane. In the Outbound Traffic Overview pane, Citrix ADM groups the accessed URLs or domains into categories, such as Shopping, News, Mobile, and so on to show the outbound traffic distribution in your network. For a selected time frame, you can click the URL, to understand the:

  1. Bandwidth consumed by accessing the URL

  2. Transactions that occurred while accessing the URL

  3. Number of SSL connections that were intercepted, not intercepted, and reset while accessing the URL

With this information, you can understand the outbound traffic pattern and make corrective decisions, such as whether to block certain URLs.

To view Outbound Traffic Distribution:

Navigate to Applications > Outbound Traffic Dashboard. The Outboard Traffic Dashboard displays the URLs in the Outbound Traffic Overview pane:

Traffic distribution

If you want to view the details of a particular URL, select the URL.

Using this information, you can understand the outbound traffic pattern and control your network traffic using a URL Filter configured on your Citrix ADC appliance. For more information, see URL Filtering.

Use cases